Forgot your password?
typodupeerror

Interview with a Botmaster 291

Posted by Zonk
from the honest-living-made-easy dept.
An anonymous reader writes "The Washington Post is running a fascinating feature profiling a couple of botnet operators who make thousands of dollars each month installing adware on machines they infect. This is by far the most detailed examination of this issue I've seen so far -- and includes an interview with the CEO of 180Solutions, as well as interviews with some of the botmasters' victims. From the story: 'Most days, I just sit at home and chat online while I make money,' 0x80 says. 'I get one check like every 15 days in the mail for a few hundred bucks, and a buncha others I get from banks in Canada every 30 days.' He says his work earns him an average of $6,800 per month, although he's made as much as $10,000. Not bad money for a high school dropout.'"
This discussion has been archived. No new comments can be posted.

Interview with a Botmaster

Comments Filter:
  • Disgusting (Score:5, Insightful)

    by PunkOfLinux (870955) <mewshi@mewshi.com> on Saturday February 18, 2006 @08:40AM (#14748812) Homepage
    This is sick. This is a terrible misuse of the internet. People installing this sort of software on other peoples' computers should be shot on sight - or connection. There needs to be a removal of the incentive for them - such as cutting the money they would receive down to almost nothing.
    • Re:Disgusting (Score:3, Interesting)

      by ooze (307871)
      Well, you need those kind of people. Those kind of people are the backbone of our society. Prolific tools, with no own means of judgement. As the guy said for himself at the end of the story, he wants to join th army. The kind of people shady companies and crime syndicates and sects are relying on and exploiting to fuck with people are the same kind of people governments, "good" corporations and churches are relying on to fuck with people and exploit them.

      If I could I would come up with a nice Team America
      • Why are you under the impression that the church would want to exploit you? I'd love to see guys like this in church, but so that they can be saved and change, not so that we can use them to exploit people.
        • Re:Disgusting (Score:2, Insightful)

          by gwiner (685297)
          It's the propensity of churches to try to "save" or convert someone to their viewpoint, with little apparent tolerance for other perspectives that leads many to see some religions as manipulative and exploitative. While I realize outreach is central to the core mission of many religions, I think it's easy to see how that mission could be perceived as overbearing and controlling.
          • Re:Disgusting (Score:2, Interesting)

            by mrchaotica (681592)
            ... leads many to see some religions as manipulative and exploitative.
            Don't you mean all religions? After all, the defining characteristic of religion is that they all think they have the One True Answer, and that Everyone Else Is Wrong.
            • by theapodan (737488)
              So then slashdot is a religion?
            • After all, the defining characteristic of religion is that they all think they have the One True Answer, and that Everyone Else Is Wrong


              Buddhism and Unitarianism are two counter-examples to that characterization. There are probably others as well.

          • The trouble is that tolerance has become a grossly misused word these days. Being tolerant of an idea doesn't mean saying that it could be right. It means giving people a choice and not persecuting them if they choose differently to how would like them to. It is perfectly consistent to be tolerant of someone's views while also being convinced that they are wrong and trying to persuade them through reason and debate to change their mind.
      • Well, you need those kind of people. Those kind of people are the backbone of our society


        If criminals are now "the backbone of our society", then our society is fucked.


        If I could I would come up with a nice Team America Dick/Pussy/Asshole imagery. But well.


        You realize that movie was a satire, right?

  • Empty life (Score:5, Insightful)

    by tomjen (839882) on Saturday February 18, 2006 @08:42AM (#14748816)
    So he sits home and chat all day? that sounds like a pretty empty and dull life to me.

    I would not mind not having to work for the money, but i would properly do some programming or simular nerd activites.

    Just sitting and chatting is okay, but not allday everyday.
  • Torch and Pitchfork (Score:5, Interesting)

    by DSL-Admin (597132) on Saturday February 18, 2006 @08:42AM (#14748818)
    I see a mod of "monster" hunters in this guy's future. --on the other hand, that's a nice chunk of change per month.. Oh, Wait... I've had to remove that Ad-Ware from customer machines... He's a witch. BURN HIM!!!!
    • No incentive (Score:3, Insightful)

      by MrNougat (927651)
      So the botnet guy is getting his money, and when someone has to call you to clean up, you get paid, too. Where's the real incentive for anyone with technical knowledge to make real advances in protection against these kinds of intrusions?

      Admission: I am also the guy who gets paid to clean up adware, among other things. Adware cleaning is quite the profitable business, and there's little risk to it, since anything that goes wrong can be attributed to the malicious software, which the client is already emba
  • by Opportunist (166417) on Saturday February 18, 2006 @08:43AM (#14748822)
    Selling crack to highschoolers he could make a multiple of that.
    • I suggest you go read Freakonomics [freakonomics.com], where they tackle the myth of crack-dealers earning lots and lots of cash. Those who peddle the stuff on the street are actually low-income earners. Non-comission Amazon link here. [amazon.com]
      • To be honest, I don't know what a crack dealer actually makes. I used him as the archetypical criminal making loads of money. For your convenience, replace him with another stereotype that makes lots of money by abusing and ripping off millions who don't know better or who depend on him for their life or at least wellbeing.

        What's the name of the Sony boss, btw?
      • by 1u3hr (530656) on Saturday February 18, 2006 @11:22AM (#14749383)
        suggest you go read Freakonomics, where they tackle the myth of crack-dealers earning lots and lots of cash.

        And we only have the "botmaster's" word for the thousands per month he supposedly earns. Rule #1: Spammers lie.

        That he agreed to be interviewed shows he enjoys the attention (though he perforce remains anonymous). Who knows how much he really earns? (And does he report this to the IRS -- that's how they got Capone -- no need to write special laws if they're breaking old ones.)

  • by gruntled (107194) on Saturday February 18, 2006 @08:43AM (#14748823)
    I'm frankly astounded that no other major newspaper has a guy on the computer security beat full time, though technically I think Brian Krebs is attached to the Post's Web site. In any event, I think Krebs is absolutely the best reporter writing about computer security in the mainstream media today. At least since I stopped :-).
  • Anonymity? (Score:5, Funny)

    by avij (105924) * on Saturday February 18, 2006 @09:03AM (#14748871) Homepage
    The young hacker, who has agreed to be interviewed only if he isn't identified by name or home town,...

    From the attached photo: LOCATION: Roland, OK

    "To tell the truth ... I'm sorta surprised they haven't caught me yet," he says.

    Oops.
    • by Anonymous Coward
      There are only around 1500 males resident in the town, [city-data.com] that's not a large haystack.
    • by ettlz (639203)

      Now why did that remind me of (from SNPP's capsule for 2F06):

      Jones. Tonight on "Rock Bottom", we go undercover at a sex farm for sex hookers.
      Farmer. I keep telling you, I just grow sorghum here.
      Man. Uh huh. And where are the hookers?
      Farmer. 'round back.
      Oops.
    • Re:Anonymity? (Score:4, Interesting)

      by kjamez (10960) on Saturday February 18, 2006 @11:38AM (#14749439) Homepage
      not that this is on or off topic, but i was once arrested in roland, ok (not using a signal escalated into a 'zero tolerance' law violation) ... dirty little town of 1500 or so people, 13 fully-loaded police cars, and using a double-wide as their community jail/court/police station. seems like ONE of those over zealous police officers would know this guy ... or IS this guy, for that matter ...
    • Was that inserted by hand back at the washington post's offices? If that was the case, it was a really stupid thing to do...
  • Not bad money for a high school dropout.

    He should have waited to drop out of college, steal some interesting new code to infect people's computers, and then go on a grander scale with his own BotNet mega-empire called 'Botulized'
  • Botmaster Dirtbag (Score:5, Insightful)

    by FishandChips (695645) on Saturday February 18, 2006 @09:08AM (#14748888) Journal
    It is a fascinating article, a kind of anti-CEBIT that must be played out in thousands of trailer parks and down-at-heel developments all over the world. No real surprises, though. Organized criminal activities are probably the same everywhere: long periods of boredom punctuated by brief spurts of intense activity, and all supported by lies of the "Naturally I wouldn't sink this low if my victims weren't so dumb they deserved it" kind.

    I'd still like to see the CEO's of the top six IT companies put on a public platform and made to answer some tough questions. Like, with all their personal billions and access to hundreds of billions in corporate funds, what are they actually doing to track down guys like these and nail them? So far as I can see, the answer is "As little as we can get away with". And the Feds seem to be used as a get out: we've handed the matter over to the Feds so there's absoutely nothing we can do, nudge nudge wink wink, wanna buy Symantec Internet Security cheap to you squire?

    Until the IT industry grows up enough to start dealing with some of the consequences it has created, I don't think it deserves anyone's support. And meanwhile Botmaster Dirtbags everywhere will continue to flourish. Just my two cents.
    • I'd still like to see the CEO's of the top six IT companies put on a public platform and made to answer some tough questions. Like, with all their personal billions and access to hundreds of billions in corporate funds, what are they actually doing to track down guys like these and nail them?

      You actually, seriously want the top-six IT companies to employ their own security experts for tracking down and nailing "criminals"? I mean, citizen-arrests are scary enough, due to the reasonable number of slightly

    • by SmallFurryCreature (593017) on Saturday February 18, 2006 @09:30AM (#14748950) Journal
      Of two people.

      The first, Bill Gates, when are you going to produce a secure OS that does not get owned in the millions by the first kiddy who tries?

      The second to Joe "Windows == computers" Average, when are you going to treath your computer like you would treath your house or car and lock it properly and not put all you valuables on the seat of your convertable with the top down?

      Botnets exist for two reasons, lousy software and the people that use it. Not very suprising the article totally failed to touch on this issue. I wonder how much MSFT spends in advertising at the wasinghton post.

      • Botnets exist for two reasons, lousy software and the people that use it.

        I wouldn't blame it to "lousy" software. The Windows NT family OS has a good security architecture. Problem is not software, but the way people use it. Microsoft is to blame here big time because for ages they pretty much left everyone and their dogs use the PC with root privileges AND they have a boatload of useless services turned on by default.

        IMO the botnet plague is entirely a human issue:
        - Microsoft encourages people to use thei
      • I partially agree with this. I know a guy who uses IE even though I've told him over and over again how insecure it is and how much more secure practically every other browser out there is. I've recommened Opera to him again and again - I prefer FF but his machine has only 128 mb RAM. But just yesterday I cleaned off spyware on another person's computer and they didn't even understand the difference between spyware and viruses. They were also complaining about pop-ups because they didn't have a pop-up block

      • Yeah because everybody knows that Linux and MacOS never need online security updates.

        Oh, wait. They do. And in fact on Linux/MacOS the user has to manually trigger a software update (at least in most versions) whereas Windows has done it automatically for years. Yet these people just don't apply the updates.

        If I had a dollar for every time I've seen somebodies computer go "Beep! Please click me so I can install updates!" and have them ignore it saying something like "Oh yeah it says that all the time, s

        • I feel sorry for the guys parents and wonder what they did wrong.

          0x80 himself explains his rationalization:

          "All those people in my botnet, right, if I don't use them, they're just gonna eventually get caught up in someone else's net, so it might as well be mine," 0x80 says.

          I couldn't help but notice, this is precisely the argument google uses to justify censoring their web searches in China: "if we don't do it, we'll just lose the market to somebody who will. So we might as well make some money."

        • There are flaws in Microsoft's Windows Updates:

          1. First they seem to break stuff from time to time. A recent IE6 patch to XP caused .gif images to stop displaying on Web pages if they were made in certani programs. There have been more major bugs, but a proper test cycle is key, if not to lock things down short-term and then open them up with a better solution a few days later. There is no reason why these patches should change functionality when enabling security. Service packs and updates, sure. Not
        • in 10.3 and 10.4 Software Update automatically lets me know when and what updates are availible for all Apple software on my machine. If I decline and update of any kind for whatever reason, it lets me know again 12 hours (approx) later, untill I finally update. I wouldn't say your characterization is true of "most versions" of OS X. Can't say for versions or Linux. And why you're grouping OSX and Linux together anyways just seems silly.
        • by ScrewMaster (602015) on Saturday February 18, 2006 @12:57PM (#14749827)
          I feel sorry for the guys parents and wonder what they did wrong.

          They had sex. Next question.
        • "And in fact on Linux/MacOS the user has to manually trigger a software update"

          you've never used a mac have you? it is hard not to notice the SECURITY UPDATE icon BOUNCING like crazy on the dock
        • Slightly confused on your posistion here

          "Oh, wait. They do. And in fact on Linux/MacOS the user has to manually trigger a software update (at least in most versions) whereas Windows has done it automatically for years. Yet these people just don't apply the updates."

          First point Linux at least in the case of suse linux 9.3 has yast online update. you can configure it to update daily or weekly. not difficult to find either there is a welcome icon which asks you if you want to get updates and when going for p
      • While I don't like Windows much either, I think you're missing the point. If there was no Windows, there might be less script kiddies (until good scripts came out) but hackers would then go after Linux. It's not that *nix is impervious to attacks, far from it. Go check out Slapper [f-secure.com] sometime.

        This is merely a case of ease of use. If it's easy for someone to "0wn" a Windows machine, of which there are far more desktops, why go for anything else? That has no bearing on any other system being good, just that you

    • I'd agree, but add this -

      The real crime here was the characterization of the actions in these articles. "Makes the computer slow and less productive", "Annoying", etc.

      This is SO WRONG - and THIS perception is what we are SELLING to the public... THIS is the mantra that a "victim" will chant. "It's wrong because it is an inconvenience!"

      No, sorry - these are all acts of felony tampering... from the initial install of the adware, to each popup that appears: insertion of data; theft of service; unauthorized a
  • botmaster? (Score:5, Insightful)

    by Afecks (899057) on Saturday February 18, 2006 @09:08AM (#14748891)
    is that what we are calling script kiddies these days?
  • by Cron0s (955401) on Saturday February 18, 2006 @09:27AM (#14748942)
    I kill botmasters for money. Quick and Discrete. Give target's name and credit card number (with sec. code) on the thread to order.
  • by rworne (538610) on Saturday February 18, 2006 @09:32AM (#14748964) Homepage
    $6800-$10000 per month income. As checks. I'd bet that:

    1. None of these companies are withholding federal and state taxes and social security
    2. I'm also pretty sure he's not getting 1099'd either
    3. He does not report this money as income

    The IRS would love to get their mitts on this guy. Any income (including illegal income) is still taxable income to them.
  • The "botmaster" kid (Score:5, Interesting)

    by csirac (574795) on Saturday February 18, 2006 @09:33AM (#14748969) Homepage
    Sounds like he's painted as someone in an economically depressed area with few opportunities, using his skills to make a lot of money for himself.

    Which would be the same as with a lot of criminal activities, it seems.

    By the end of TFA he's wondering why he hasn't been caught yet, waiting for his little game to blow up in his face. Then talking about joining the Army so he can get into college and make a sustainable future for himself.

    Interesting perspective. Not a bad article.
  • by catdevnull (531283) on Saturday February 18, 2006 @09:35AM (#14748978)
    The worst thing is that Microsoft is going to make m/billions more by charging $49.95 a year from every freaked-out Windows user who reads this article and it still won't do a damn thing to help them.
  • by lbft (950835) on Saturday February 18, 2006 @09:37AM (#14748983) Homepage
    Whilst I don't like scum like the guy interviewed in TFA, if there was no financial incentive the professional botmasters would have to, you know, actually earn a living somehow other than screwing people over.

    It's a cop out for the companies whose software is being installed to say, "Hey! Look, guys, honestly, we don't know anything about it!" They don't really care.

    It's even more of a cop out for the companies whose ads are running on the adware that's being used - "We didn't know it was going to be showing without users' consent!" But they don't care either.

    If companies showed some sort of sense of ethics this wouldn't happen. HAH! There's no room for ethics in business today.
  • Absurd (Score:4, Insightful)

    by ereshiere (945922) on Saturday February 18, 2006 @09:38AM (#14748987)
    So the New York Times [nytimes.com] (don't pay for the article) busts some kid for stripping online, but the Washington Post won't bust this idiot?

    One has little impact on anyone but himself, the other causes headaches for people all over the world.

    Some priorities!

  • The nearest businesses [include] a strip club, where 0x80 says he recently dropped $800 for an hour alone in a VIP room with several dancers.

    I hope at that rate the club had damn good wireless Internet access!

  • ..6,800 dollars a month.. did the reporter for the post verify this ..only clamwin a bitdefender can see my software....oh, i see, this is the newest gen of spy-advertising

    next week, the intrepid dupes from teh mainstream media interview the credit card thief who notes that "only brandx visa cards have good security...."
  • by NorbrookC (674063) on Saturday February 18, 2006 @09:42AM (#14749003) Journal

    There are times when I wonder why some people think it's "cool" to pervert technology. Phone Phreaks, crackers, virus writers, and now botnets. I've seen them for almost 25 years, and each generation uses the same lame justifications for their behavior. "It's easy money." "It's free." "People are dumb." "If I didn't do it, someone else would." etc., etc., etc.

    It isn't cool, and it's not a "victimless crime." People who get infected are victims, because they have software they don't want on their computers, risk identity theft, suffer through poor performance with their computers, and end up having to pay someone to help them. Companies and businesses lose, because they have to spend money and time fixing problems that could be spent doing something productive. We all are victims, since each one of those botnets create problems for us by taking useful services off-line through DDOS attacks, or forcing admins to block traffic from various IP's - and we might just be in that batch of blocked IPs. Even the ad company's are getting ripped off.

    I found this quote from the article ironic: "It sucks, too, because the companies will shaft you, and there isn't a lot you can do about it," says Majy, 19, who claims to have had as many as 30,000 computers in his botnet."

    He's complaining about being ripped off by the people he's trying to rip off! Excuse me while I devote a nanosecond to feeling sorry for him. They need to get a clue. Yeah, maybe with a real education and job you won't make 10 grand a month now and then. But, you also don't have to worry about people crashing through your door, and spending a few years getting pwned by the guys at the prison.

  • The Articles (Score:2, Insightful)

    by fdiskne1 (219834)
    These articles are just so wrong on so many levels. First the accuracy. "Adware also known as spyware"? Now I know there are similarities but you can't say they are one in the same. Many other small inaccuracies. Then you have the victims who admit they would rather buy a new computer than fix the one they have. Come on! It's just your OS! Reload it! And they don't want to be bothered with learning how to secure their computer. Then the sysadmin who is notified that he has 10,000 machines on his network inf
  • by ylikone (589264) on Saturday February 18, 2006 @10:19AM (#14749125) Homepage
    Instead of going after every "botmaster", lets unite as geeks and nerds for justice and take down the enablers of these cybercrimes. Starting with www.180solutions.com [180solutions.com]
  • "Not bad money for a high school dropout."

    My definition of "bad" covers this one.

  • by RossumsChild (941873) on Saturday February 18, 2006 @11:27AM (#14749402)

    From TFA:

    0x80 says he got into writing viruses by accident after logging onto an AOL chat room named "Lesbians Only."

    "Someone sent me a virus that made it so that every time I typed anything on the keyboard it would pop a message up on the screen that said, 'I'M [expletive] GAY!'" 0x80 recalls. [. . .]

    After that, 0x80 became obsessed with computer viruses and dedicated nearly all his time to tinkering with them.

    So if any of you know the moron who spent his free time 7 years ago distributing comical viruses via lame AOL chat rooms. . . give him this message: the tech community which spends disgusting amounts of time fixing the problems your prodigy generates would like a word with you.

    Come alone.

  • The appeal of it all (Score:2, Interesting)

    by Odocoileus (802272)
    Not that I would ever do this, but am I the only one who finds the whole thing interesting? Who hasn't watched a movie with some high rolling criminal dude and thought, on some level, weeeee. Botnets are the perfect area for the average person to enter the world of illegal profit with a minimum of hassle. Be your own crime boss! And nobody dies! No children get sold drugs! This is a chance to make money, and get that special little naughty feeling, with very little moral violation. I just point this out to
  • I have to say while it has a familiar ring of other articles I've read about "crackers", it was IMHO well done for a mainstream press article. I only hope that more "average" users will read it and then do a better job of updating and securing their computer.
  • This bot twats address was posted under an image, as part of the meta data - now it isn't fucking there, it was a town beginning with P?????? SHIT I knew I should have saved it, I just went back.

    Does anyone have a copy of this? It was under a location tag:

    Location: P?????

    DAMN!
  • Total Idiot (Score:3, Interesting)

    by Thanatopsis (29786) <`despain.brian' `at' `gmail.com'> on Saturday February 18, 2006 @01:12PM (#14749903) Homepage
    Well his details have been outed by the meta content of the jpeg. He's just dumb. Why?
    "He claims he doesn't care but then confesses that he dedicates quite a bit of time to covering his tracks. "I do stay up very late each night trying to make sure nobody is going to kick in my front door . . . If I do [get caught], I'm not all that worried. I've got enough money. I can always get a good lawyer."

    I've got enough money? Nope as your money is proceeds from a criminal enterprise, it is most certainly going to be frozen as restitution to his victims. Even if he makes $10,000 per month, a defense of these sorts of crimes is going to cost several hundred thousand dollars. I doubt very much this guys is saving much money. He just doesn't know how much these things cost. My prediction for this guy. 5 years in "pound me in the ass" federal prison.

    Young and stupid.
  • by Red_Chaos1 (95148) on Saturday February 18, 2006 @02:01PM (#14750229)
    ...of the people who frequent /., a lot of you sure seem to be ignorant. How many of you actually completed reading the article? You're quick to talk all kinds of smack about this guy, what a douche he is, etc. but it seems nobody has read near the end of the article where he talks of coming to realize that what he's doing can't last forever, and isn't really all that great, and that he is actually looking at making something of himself instead of doing the crap he currently is. While I don't like what he's been doing, I do applaud his self realization, and the fact that on his own he is admitting it's not great, and actually voices aspirations to do better things, to gain a little discipline. The knowledge he has now and uses to do bad could just as easily be used to do good, and be every bit as lucrative and exciting for him.

    Just a little advice folks, as with anything else, be sure to have the whole picture/story before going off half cocked, because it makes you look as dumb as the kid in the article sounds.
    • How many of you actually completed reading the article?

      Er, well, I did. I don't know why anyone who started reading the article wouldn't finish it. It's not long and it's quite well-written and interesting.

      but it seems nobody has read near the end of the article where he talks of coming to realize that what he's doing can't last forever, and isn't really all that great, and that he is actually looking at making something of himself [...]

      Yeah, I read that bit too. And just like most of the other pe

  • by Animats (122034) on Saturday February 18, 2006 @02:15PM (#14750328) Homepage
    The usual places where you rent botnets, Specialham [specialham.com] and Spamforum [spamforum.biz] are down today. When the heat is on, they tend to go offline, but come back in days or weeks.
  • by rpg25 (470383) on Saturday February 18, 2006 @05:39PM (#14751494)
    the hacker known online as "0x80" (pronounced X-eighty)
    Shouldn't that be "pronounced one-twenty-eight"? ;-)

Some people have a great ambition: to build something that will last, at least until they've finished building it.

Working...